Process for encrypted login to a secure computer network, for the creation of a session of encrypted communications between computers and a device including a mobile phone logged into a network, for the persistence of encrypted communications between communication devices, and for the termination of communications

ABSTRACT

A method for users of devices including mobile phones and computers to engage in encrypted communications with other devices using asymmetrical key exchange technology, involving the user of a device first creating a password and then at a later time re-entering that password on the device, with the result that when the password is re-entered the device is able to decrypt a set of software components that are required for a fresh session of encrypted communications.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority to Australian patent application no. 2013901852 entitled, “A process for Encrypted Login to a Secure Computer Network, for the Creation of a Session of Encrypted Communications Between Computers and a Device Including a Mobile Phone Logged into a Network, for the Persistence of Encrypted Communications between Communication Devices, and for the Termination of Communications”, filed 2013-05-23; and Australian patent application no. 2013101046 entitled, “A process for Encrypted Login to a Secure Computer Network, for the Creation of a Session of Encrypted Communications Between Computers and a Device Including a Mobile Phone Logged into a Network, for the Persistence of Encrypted Communications between Communication Devices, and for the Termination of Communications”, filed Aug. 2, 2013; and Australian patent application no. 2013902015 entitled, “A Login Process for Mobile Phones, Tablets and Other Types of Touch Screen Devices or Computers”, filed on Jun. 4, 2013; each of which is hereby incorporated by reference as though fully set forth herein.

BACKGROUND OF THE INVENTION

1. Technical Field

The present invention pertains to the field of computer security and in particular to the field of establishing secure communication links between a portable communication device and a remote server.

2. Background Art

The field of computer security addresses a plurality of issues including, but not limited to, security of communication devices, security of servers that the devices access and security of the link between the servers and the devices.

BRIEF SUMMARY OF THE INVENTION

Technical Problem

To solve, at least in part, the problem of establishing a secure link between a portable communication device and a remote server and in particular addressing the problem of ‘man in the middle’ attacks between the device and the server.

Technical Solution

Using a plurality of overlapping identifying indicia and processes including: a location identifier for the device, randomised passwords for the device requiring a plurality of re-entries to refresh sessions, a device identifier, a server identifier, a connection identifier, asymmetric key encryption (including the possibility of manual delivery of private keys and manual audits) so as to ensure that the link between the server and the device is as secure as possible.

Advantageous Effects

The prospect of corruption of the link between a communication device and a remote server by an unauthorized person is minimized.

Introduction to the Invention

In view of the above, in one aspect of the invention a method for securing a signal passing between a communication device and a server is provided, which includes a step of: including, on at least two occasions, a password associated with the communication device in the signal, where the signal has been encrypted using asymmetric key encryption.

In a related aspect the invention also provides a computer system further including a server; means for storing data used by the server; means for asymmetrically encrypting a signal that passes between the server and a communication device connected to the server; and means for authenticating the signal using a password that has been passed to the server from the communication device on at least two occasions.

In another related aspect the invention also provides a computer system further including means for determining location of a communication device connected to the system; wherein the system is secured using asymmetric key encryption.

In yet another related aspect the invention also provides a computer system further comprising means for randomizing the system's password entry display in such a way as to secure the system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 broadly outlines the connective relationships between a portable communication device and a server across a secure network that has been secured according to embodiments of the present invention.

FIG. 2 goes into further detail about the cryptography component illustrated previously in FIG. 1 and in particular details the process of public and private key exchange across a secure network.

FIG. 3 details the installation of software used to implement preferred embodiments of the present invention on smartphones, laptop computers, and tablets.

FIG. 4 illustrates various components of preferred embodiments of the present invention that are installed on a communication device and a server, including in particular identifiers including a device identifier, location identifiers, and cryptography applications.

FIG. 5 illustrates the process of extracting data from a login form used on a portable communication device (including extraction from a user of a password, extraction from a device of the device's identifier) and associated encryption of the message. Data is extracted from the login form and stored in memory storage device 98.

FIG. 6 shows further details pertaining to connecting to a remote server using a portable communication device and in particular the transmission of an encrypted message from the device to the server, where the message contains a plurality of indicia used to authenticate the request for access by the device including a device identifier, a user name and a password.

FIG. 7 shows the processing of the encrypted message sent by a client device to a login authentication server and in particular FIG. 7 illustrates the use of a password, user name and device identifier to ensure, at least in part, that a communication is properly authenticated.

FIG. 8 shows the preparation for encrypted channels of communication between a communication device and a communications server by preparing private keys 3 and 4 for transmission to the user of the device (further checks are performed with regard to session and connection identifiers and checks on transmission only to authenticated IP addresses).

FIG. 9 shows a process executed by the login authentication server to create both an unencrypted message and encrypted messages that can be sent to the client device (the unencrypted message, containing private key 3, is used to decipher the subsequent encrypted message that contains the final key (private key 4), that is used by the user's device to decrypt all subsequent communications between the communication management server and the client (user) device).

FIG. 10 discloses further details pertaining to the encrypted (private key 4) and unencrypted messages (private key 3) disclosed in FIG. 9 (in an additional embodiment private keys 3 and 4 can preferably be sent in different messages).

FIG. 11 discloses the processing by the client device of a message received from the login authentication server.

FIG. 12 discloses the final phase of logging in, pertaining to the downloading and reading of the encrypted and unencrypted messages sent from the login authentication device to the client device.

FIG. 13 shows the client communication device initiating communications with the communication management server. The communication is encrypted using a public key and a connection ID value as well as a device identifier provided for authentication purposes.

FIG. 14 shows the communication management server querying the validity of the message (authenticating the message) sent in FIG. 13 and issuing the client communication device with a new connection ID value.

FIG. 15 shows the final messages sent from the client device and the login authentication server to each other, prior to opening up communications. In particular the device identifier, connection identifier and user name are sent to the login server by the client, and in return the client's communication device receives a session identifier (multiple sessions per connection can be permitted), an IP address (identifying location of the server) and a second public key for the user to encrypt messages together with a fourth private key for the user to decrypt messages from the communication server.

FIG. 16 shows a touch screen display that features a plurality of images and colours that can be used for creation of a randomised password for use in association with embodiments of the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The description in the body of the specification pertains to preferred modes of invention. Accordingly, features recited in the body should not be construed to be essential features of the invention unless explicitly indicated. Further, any reference in the body of the specification to the expression “invention” should be construed to imply a reference to preferred embodiments only.

Embodiments of the present invention relate to network communications of encrypted data. The process involves communication between servers and client devices, with asymmetrical key exchange cryptography used in communications between client devices and servers. A client device can be any terminal, tablet device, mobile phone or another type of computer that is configured to perform encrypted communications with servers in a secure network of the type described here. The secure network specified here can include servers that perform tasks including login authentication servers, database servers and communications management servers and other machines supporting the infrastructure of the secure network including load balancing servers, firewalls and routers. Using the process described here a session of encrypted communications can proceed even if communications between the device and the secure network are passing through an insecure network such as the Internet.

FIG. 1 shows a user with a device 12, a person using the system to communicate with other people or with networked computers that provide content to the user. A user 12 can communicate with a secure network 16 directly or via the internet or another network 14. The device of the user attempting to use this system can connect with a login authentication server 18 within the network and this server 22 can communicate with a database server 20 or servers in order to authenticate the user. If the user is authenticated the login authentication server can send a response to the device of the user 12 and this response message can contain data that can enable the device to receive and send data to a communications management server 22. Communications between the device of a user and the secure network can involve the use of asymmetrical key encryption. Communications between the client device of the user and the login authentication server 18 or the communications management server are encrypted with private and public keys, but communications between a login authentication server 18 and a communications management server 22 may not require encryption as those communications can proceed within a secure network secured by a firewall and other mechanisms. Nevertheless, for purposes of creation of asymmetrical key pairs a cryptography component 24 is provided.

FIG. 2 shows four key pairs used within this system to encrypt and decrypt data communicated between the client device of a user and servers within the secure network. Data is encrypted by means of a cryptography module 26 that creates key pairs and executes the encryption and decryption procedures. The cryptography module 26 can be stored as code on the login or communication server. Alternatively, those servers can engage other machines or computerised systems that contain the actual cryptography module 26 which exist within the secure network to execute the cryptography processes.

The first key pair 28 has a public key that a client device can use to encrypt messages being sent to the login authentication server. The private key is stored within the server and it is used by the login authentication server to decrypt messages it receives from devices. The public key is included in the application installer installed by smartphones, computers, tablets and similar devices (see FIG. 3).

The second key pair 30 has a private key that is used by a communications management server to decrypt messages sent to it by a client device, with the public key being sent by the login authentication server to the client device of a user in order for the client device to create encrypted messages.

The third key pair 32 has a private key that is used to decrypt messages within a client device, in combination with a password entered by a user and the device identifier value and, optionally, the session identifier. In the process of generating the third key pair the password and the device identifier values can be used as input parameters included in the key generation process, such that when the third key pair private key is used for the purposes of decrypting a message, the proper password and device identifier value must be provided in order for the decryption process to succeed. The public key of the third key pair is used by the login authentication server to encrypt data that is sent from the login server to the client device. The encrypted data sent to the client device includes such things as the IP address of a communications server.

The fourth key pair 34 has a private key that is used within a device to decrypt messages sent to the device by a communications management server. The public key is sent to the communications server by the login authentication server.

To enable users with different kinds of client devices to connect with servers providing encrypted network communications as described here, software can be developed and distributed through a variety of distribution channels.

In FIG. 3, a user with a smartphone 40 downloads application installer software 38 from an app store or software repository 36. A user with a laptop or desktop computer 48 downloads application installer software 46 from a DVD or CD ROM 44. A user with a tablet device (54) downloads application installer software 52 from a secure cloud hosting Internet site 50. Through these and similar commonly known procedures, software is installed on the client device of a user with the result that the installed software application 42 is set up and able to engage in secure communications with servers within a secure network. The client device can communicate with servers via a telecommunications network, the Internet or similar networks including intranets.

In FIG. 4 the main components of the entire system are shown. The application installed on the device 60 is the same element of the system that is defined as item 42 in FIG. 3.

The application 60 contains a number of components. One component is executable code that can process instructions 72 including a cryptography software component 74. Another component is a database 62 that includes several items. One item within the database is the location 66 of a login authentication server 80 to which the application can connect. The location value 66 can be stored in the database within the client device in the form of an IP address, URL or another data format describing a network location. A second item in the database within the client device is a public key 64 of a first key pair. The private key associated with the public key 64 resides on a login authentication server 80. This first key pair's public key can be used to encrypt communications being sent to the server via a network 76.

The application 60 and the device 56 send and receive data from each other via an interface component 58.

When the application is first installed the application can create a new item of information in the database, a device identifier 70 value. In order to define this device identifier 70 value the application 60 can employ different procedures in the case of a mobile phone device or in the cases of a desktop computer or laptop. In the case of a mobile phone, the interface component 58 can get the IMEI number of the device or the IMSI number and pass this information to the application 60 and then either of those values can be used as the value of the device identifier value 70. In the installation process of the application 60 onto a desktop computer, a different method of identifying the device can be used. The application 60 can be configured to execute a process in which an instruction is sent via the interface component 58 to the device 56, and this instruction contains a request that the device should send a message via a connected network to a unique number generator server 86 in order to get a unique identifier value 70 for the device. The number generator server 86 responds to this request by sending back a large number or text string 70. This response text is passed to the application 60 by the device 56 via the interface component 58, and the application takes this value and creates a database record 70 in the database. The end result of these different procedures that can be performed for different types of devices is that the database gets updated with a unique device identifier 70 value that is used to signify the device. Further to the above the device also flags and stores, for purposes of security, the number generator server location 68.

FIG. 5 shows the first step of the login process for a user that continues through a series of steps until the final step shown in FIG. 12.

In FIG. 5 it is shown that the application displays a screen on the graphical user interface of the client device enabling the user to interact with the application. The user initially sees a log in form 88 displayed on the screen of the device.

A user can be an individual who has been previously granted an access right to log in to a secure computer network. This authorised user can be given a password and a user name by the network administrator. The user enters the password 92 and a user name 90 or user account identifier in the login form displayed on the screen of the phone or computer device.

The user clicks or touches a button 94 labelled “Login”, or words to that effect, and the application receives the data input entered by the user. That data received by the application is passed to the application by the interface component and the device.

The installed application contains software programs including software 96 that processes the login input data received from a user.

The software 96 takes the user name entered by a user and stores that data in a database or file 102. The password provided by a user is never saved on the device. The software 96 creates a message 104 and the password is added 108 to that message along with the user name.

Other details of information are also included within the message created by the installed application. Importantly, a process is executed 106 that gets the device identifier value from the database of the device and that identifier is added to the message.

The message is then encrypted 110 using the first key pair public key.

FIG. 6 shows the second part of the login process for a user. The installed application within a device sends the encrypted message to a login authentication server. The application within the device's database 122 can pass on to the device 134 the IP address of the login authentication server 124. This IP address value is stored within the database 122 of the application 112. The device receives the IP address 124 and the encrypted message 114 via the interface component 132. The device generates a signal 136 that is sent to the specified IP address of the login authentication server 140 via a network 138.

At the specified IP address of a login authentication server there can be a firewall configured to process data sent to that IP address. The firewall can connect with a load balancing server and other types of machines in a secure network. The various components of that secure network can work together so that the secure network as a whole is able to listen and receive data from devices, to process input received from client devices, and to execute appropriate actions in response to the input received from client devices. The computer network listening for signals can be configured to block invalid communications and to process only valid data.

A computer network of the type described here can receive a huge range of invalid communications from a range of sources, including communications from devices engaging in a distributed denial of service attack that attempts to harm the network. The firewall of the secure network can be properly configured to manage these sorts of problems in an appropriate way. The specific firewall and network security configuration measures that can be appropriate in response to different types of attack must be constantly evolving in response to continuously evolving modes of attack employed by hackers and intruders, so those matters will not be further described here.

FIG. 7 shows the processing of the encrypted message sent by a client device to a login authentication server 150. The login authentication server is able to execute software programs and it is in possession of the first key pair's private key. This private key is associated with the first public key used on the client device to encrypt a message.

A network that the signal is transmitted through may not be entirely secure. Internet or phone network communications can be intercepted and read by processes such as the “man in the middle attack”. But because the signal contains a message encrypted with asymmetrical key encryption an encrypted message can only be deciphered by a machine that can execute a deciphering software process, which includes the associated first key pair private key.

Further to the above, the prospects of a “man in the middle attack” can be minimized, according to embodiments of the present invention, if the broad philosophy is followed of ensuring that a communication device only communicates with a server when the server's identity (by way of a server identifier), the device's identity (by way of a device identifier) and an associated communication channel between the device and the server have been secured using asymmetric key encryption. Additional layers of security can be provided by way of the use of authenticated sessions (using session identifiers) operating between authenticated connections (using connection identifiers) in association with authenticated users who have authenticated passwords. Additional modes of security can also be provided by the use of manual distribution of the third private key so as to ensure that a man in the middle attack does not access unencrypted private key three as seen in FIG. 3 (there being at the time of transmission of private key number three no way to decrypt an encrypted communication by a user). Further to the above, not only can a server be identified by its IP address and a device by its IMEI number (or other indicia), but the location of either the server or the device can be identified and authenticated using a location identifier to provide an additional layer of security.

The login authentication server 150 receives a signal from a device. The signal contains an encrypted message that is deciphered 148 by means of software programs executed by the login server. The deciphering process uses the first key pair private key, and the result of decryption is a decrypted message from which a password 144, user name 142 and device identifier 146 are read and stored in memory by the login authentication server.

The login authentication server takes this data and sends a query 152 to a database 158 connected to the secure network in order to determine if the user name and password combination is correct. When the query is executed and the user name and password are not valid 154 a message is sent back to the client device by the login authentication server instructing the application running on that device to show the password entry screen to the user again so they can re-enter their user name and password. In the event of repeated failed attempts to log in, the login authentication server would stop communicating with the device or engage in other, appropriate responses that are determined by network administrators.

If a password and user name combination are correct 156 the user login process can move on to the next stage.
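The credential check and the response to repeated failures (items 154 and 156) can be implemented as in the following Python, which is an added example and not the patent's own code. It stores only a salted PBKDF2 hash of the password, compares in constant time, and after a fixed number of failures stops answering the device, which is one of the "other, appropriate responses" the text leaves to network administrators. Comparing the device identifier from the decrypted message against the one enrolled for the user is an assumption added here; the text describes the database query in terms of user name and password only. The record layout, the limit of five attempts, the user name and the IMEI-style device identifier are constructed sample values.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000
MAX_FAILED_ATTEMPTS = 5   # constructed policy value; the patent leaves this to administrators


def make_user_db() -> dict:
    """In-memory stand-in for the database 158 queried by the login authentication server."""
    return {}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def enrol_user(user_db: dict, user_name: str, password: str, device_id: str) -> None:
    """The administrator issues user name and password; only a salted hash is stored."""
    salt = secrets.token_bytes(16)
    user_db[user_name] = {
        "salt": salt,
        "password_hash": hash_password(password, salt),
        "device_id": device_id,      # assumption: device identifier enrolled with the user
        "failed_attempts": 0,
        "blocked": False,
    }


def authenticate(user_db: dict, user_name: str, password: str, device_id: str) -> str:
    """Process the decrypted login message (items 142-146).

    Returns "ok" (item 156), "retry" (item 154: tell the device to show the password
    entry screen again) or "blocked" (the server stops answering this device).
    """
    record = user_db.get(user_name)
    if record is None:
        # Spend the same hashing cost as a real check so an unknown user name is not
        # distinguishable from a wrong password by response time.
        hash_password(password, bytes(16))
        return "retry"
    if record["blocked"]:
        return "blocked"
    password_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                      record["password_hash"])
    device_ok = hmac.compare_digest(device_id.encode(), record["device_id"].encode())
    if password_ok and device_ok:
        record["failed_attempts"] = 0
        return "ok"
    record["failed_attempts"] += 1
    if record["failed_attempts"] >= MAX_FAILED_ATTEMPTS:
        record["blocked"] = True
        return "blocked"
    return "retry"


if __name__ == "__main__":
    db = make_user_db()
    enrol_user(db, "jsmith", "correct horse battery", "356938035643809")  # constructed values
    print(authenticate(db, "jsmith", "correct horse battery", "356938035643809"))  # ok
    print(authenticate(db, "jsmith", "wrong", "356938035643809"))                  # retry
```

The blocked state is checked before the password so that a blocked device receives no information about whether the password it sent was right.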

FIG. 8 shows a set of processes executed within the login authentication server in the event of a valid user login as indicated by item 156 in FIG. 7.

The login authentication server has details of the current user 160, notably the user name, password and device identifier. The login authentication server then creates a new session identifier 162 value and a new session of communications for the device and user.

The login authentication server then executes procedures to create two sets of asymmetrical keys. Key pairs known as the third key pair and fourth key pair are created 164.

The login authentication server queries a database 166 to get details of a communications server that can manage communications for the client device. The database response contains an IP address and a second key pair public key of a communications server. Additionally, another IP address for a second login authentication server is received from the database. The second login authentication server IP address can be sent to the client device so that in future communications the device can use an alternate login server to connect to the network, as a result diminishing the traffic sent to the initial login server.

In the event of a distributed denial of service attack against a specific IP address and the specific login server listening to network traffic at that IP address, the login attempts of users with devices configured to connect to different login servers at different IP addresses are unlikely to be directly affected.

The authentication server sends an update message 168 to the database instructing the database to update its records with changed details. The updated details are the session identifier value and the IP address of the communications server that have been designated to manage communications for a specific user and device, and the new login authentication server that has been assigned to the user.

The login authentication server creates a new message, a new container of information 170. It adds the third key pair public key, the user name, session identifier and device identifier to the message.

The login authentication server also adds another item to the message, a connection identifier value 172. The connection identifier value can be created at this time or it can be a stored value which is listed in a database and which is now listed to be connected with the client device.

The login authentication server then sends this message 174 to the IP address of the communications server assigned to manage affairs for the client device.

The communications server sends a response message back to the login authentication server 176 confirming that it has received the message.

The communications server sends a message to the database 178 confirming it has received the message, and instructing the database to update its data with the information that it is now going to manage communications for a specific device.

The communications server waits 180 for communications to be sent to it by the client device.

FIG. 9 shows a process executed by the login authentication server to create both encrypted and unencrypted messages. The process in question starts at 182 for purposes of creation of an encrypted message.

To begin with, a message container is created 184 and the session identifier value is added to the message 186, along with the IP address of a communications management server 188 and the second key pair public key, a public key that can be used to encrypt messages that can be sent to the communications server. The fourth key pair private key is added 190 to the message, so that the client device can decrypt messages sent to it by the communications server. The IP address of a new login server 192 is also added 194 to the message, so that the device can connect to an alternate login authentication server.

The message is encrypted 196 using the third key pair public key.

A second message is created 198 and the encrypted message 200 is put into the second message.

The third key pair private key is added to the message 206, with the final result 202 that the final message contains the encrypted message 204 and the unencrypted private key 206.

FIG. 10 shows the full contents of the message created in the steps shown in FIG. 9.

Within the unencrypted message that is to be sent to the user 208 there is an unencrypted third key pair private key 210. There is also an encrypted object 212 that contains the session identifier 214, the IP address of a communications server 216, the connection identifier value 218, the IP address 220 of a new login authentication server, the second key pair public key 224 that is used for sending messages from a device to a communications server and the fourth key pair private key 226 that is used for deciphering messages sent by a communication server to the device.

The message containing encrypted and unencrypted data is converted into a signal by the login authentication server 228, and this signal is sent 230 to the device.

FIG. 11 shows processing of data received by the client device from the login authentication server.

The client device receives a signal from the login server 232 and the data in the signal is passed on 234 to the interface component. The interface component passes the data 236 to the application. The application reads the data 238 and extracts the unencrypted 242 and encrypted 244 elements within that data 240. The encrypted and unencrypted data are saved 246 in the database. The unencrypted data is the third key pair private key.

The application then displays a form visible to the user on the screen of their device 248, into which they can enter their password for the second time.

FIG. 12 shows the final part of the user login process.

The user can enter their password 252 as text input into the form 256, then they can submit the form by clicking a “finalize” login button 254 or some similar process.

Data is passed from the device to the application via the interface component, and the application launches a process 258.

In the process 258 the password is received from the login form 262, then the user name and device identifier values are retrieved from the database 264, and the unencrypted third key pair private key sent by the login authentication server 266 is also retrieved from the database, along with the encrypted data sent by the login server. In combination with the password and device identifier, the third key pair private key is used to decrypt the encrypted data and read the contents 270.

The content of the encrypted data is the IP address of a new login authentication server 272, the connection id 274, the second key pair public key used for sending messages to the communications server 276, the IP address of the communications server 278, the session identifier value 280 and the fourth key pair private key 282 used for reading messages sent from the communications server. These values are saved in the application database 284.
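The binding of the third key pair private key to the password and device identifier (FIG. 2, item 32), the construction of the two-part message (FIG. 9 and FIG. 10) and the FIG. 12 decryption step on re-entry of the password can be illustrated together with the following Python. It is an added example, not code from the patent. Python's standard library has no asymmetric primitives, so the binding is modelled symmetrically: the key material sent in the clear (item 210) is useless on its own, because the password and device identifier are mixed in through PBKDF2 to derive the actual unlock key, and an HMAC tag makes a wrong password or a different device fail cleanly instead of producing garbage. The keystream construction, the field names, the 203.0.113.x addresses, the placeholder key strings and the IMEI-style device identifier are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

PBKDF2_ITERATIONS = 100_000


def derive_unlock_key(password: str, device_id: str, third_private_key: bytes) -> bytes:
    """Derive the key that unlocks the encrypted object (FIG. 10, item 212).

    Password and device identifier are both inputs, as the third key pair description
    requires.  The key material sent in the clear (item 210) is used as the PBKDF2
    salt, so it decrypts nothing without the other two values.
    """
    secret_input = password.encode() + b"\x00" + device_id.encode()
    return hashlib.pbkdf2_hmac("sha256", secret_input, third_private_key,
                               PBKDF2_ITERATIONS, dklen=64)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream: an illustrative stand-in for the
    # asymmetric decryption the patent describes.
    blocks = [hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
              for counter in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(unlock_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC; the tag is what lets the client detect a wrong key."""
    enc_key, mac_key = unlock_key[:32], unlock_key[32:]
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def open_sealed(unlock_key: bytes, sealed: dict) -> Optional[bytes]:
    enc_key, mac_key = unlock_key[:32], unlock_key[32:]
    nonce = bytes.fromhex(sealed["nonce"])
    ciphertext = bytes.fromhex(sealed["ciphertext"])
    expected_tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, bytes.fromhex(sealed["tag"])):
        return None  # wrong password, wrong device identifier, or altered message
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


# Constructed sample contents of the encrypted object (FIG. 10, items 214-226).
SAMPLE_ENCRYPTED_OBJECT_FIELDS = {
    "session_identifier": "sess-5f3a",
    "communications_server_ip": "203.0.113.10",
    "connection_identifier": "9098898-03",
    "new_login_server_ip": "203.0.113.20",
    "second_public_key": "PLACEHOLDER-second-key-pair-public-key",
    "fourth_private_key": "PLACEHOLDER-fourth-key-pair-private-key",
}


def login_server_build_message(password: str, device_id: str, fields: dict) -> dict:
    """Login authentication server side (FIG. 9): clear key material plus sealed object.

    The server holds the password and device identifier from the first login message
    (FIG. 8, item 160), so it can derive the same unlock key the client will derive.
    """
    third_private_key = secrets.token_bytes(32)                        # item 210
    unlock_key = derive_unlock_key(password, device_id, third_private_key)
    encrypted_object = seal(unlock_key, json.dumps(fields).encode())   # item 212
    return {"third_private_key": third_private_key.hex(), "encrypted_object": encrypted_object}


def client_finalize_login(password: str, device_id: str, message: dict) -> Optional[dict]:
    """Client side (FIG. 12, items 262-284): re-entered password plus stored device identifier."""
    unlock_key = derive_unlock_key(password, device_id, bytes.fromhex(message["third_private_key"]))
    plaintext = open_sealed(unlock_key, message["encrypted_object"])
    return None if plaintext is None else json.loads(plaintext)


if __name__ == "__main__":
    device = "356938035643809"   # constructed IMEI-style device identifier
    msg = login_server_build_message("correct horse battery", device, SAMPLE_ENCRYPTED_OBJECT_FIELDS)
    print(client_finalize_login("correct horse battery", device, msg))        # the values to save
    print(client_finalize_login("wrong password", device, msg))               # None
    print(client_finalize_login("correct horse battery", "other-device", msg))  # None
```

The two failure cases in the usage at the bottom are the properties the text asks of the third key pair: an interceptor holding the clear key material and the encrypted object, but not the password, gets nothing, and the same message copied to a different device with the correct password also fails.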

FIG. 13 shows procedures executed after data is saved in the database.

A message is created 286 that is to be sent to the communications server. The session identifier, user name, and device identifier are added to the message 288.

The message is encrypted with the second key pair public key 290.

A second message is created 292 and the encrypted message is placedinside it. The connection identifier value is put inside the message294. The message is sent to the communications server 296.

The communications management server receives the message from thedevice via the network 298.

FIG. 14 shows procedures executed within the communications managementserver when it receives the message 300 from a client device.

The communications management server reads the unencrypted connectionidentifier value 302. The communications management server queries thedatabase 304 to find if this is a valid connection identifier.

If the connection is valid, the communications server can use the secondkey pair private key to decrypt the message 306 it has been sent by theclient device.

The message is decrypted and read in the memory of the server 308 andthe server executes an update query, instructing the database that theuser has logged in and that their session should be persisted for anadditional period of time. Normally, this extension period can be aperiod of three minutes but other time gaps can be used within thesystem depending on specific requirements within differentimplementations.

The communications server sends a response 310 back to the device. Thisresponse can optionally include a new connection identifier.

This connection identifier value has several functions within the system(outlined in the following paragraphs).

The communications server queries a database to see if this connectionidentifier is valid. If the connection identifier is invalid then theserver will not attempt to decrypt the encrypted part of the messagereceived from the device. The decryption process is a resource intensiveprocedure and the communications server can be programmed to rejectinvalid data requests that can be originating from criminals or hackers.

The second function provided by the connection identifier is that whenthe communications server does a database query and finds this is avalid connection identifier, the connection identifier can in fact be ashared value that two or more end user communications devices share.That is, one user John Smith can engage in an encrypted chat sessionwith another user Tom Brown and both of them can share the sameconnection identifier. The communications server can be programmed todifferentiate between messages sent by Tom Brown and John Smith by asimple mechanism. This mechanism is that she connection identifier valuecan be a value like: 9098898-03. When the server receives the message itcan split the message into two parts at the dash “-” producing the twovalues 9098898 and 03. Both John and Tom can send the 9098898-part ofthe message but they can have two different end parts such as “03” and“01”. So that when the communications server sends a request to thedatabase to ask the database if the connection is valid, it can send theentire string 9098898-03 to the database and that database can say “yes”the person this value refers to has a valid login. Then thecommunications server can use its Private Key to decrypt the wholemessage sent from the client and to get instructions from within thatmessage about the specific data the client is asking for. Then thecommunications server can then provide that data to the device, whichcan take many forms such as communicating text or files, or streamingaudio or video content to that user.

After the communications management server has been configured to manage communications with a specific client device such as a mobile phone, the application on the phone can connect to the communications management server and be sent a collection of data that can be displayed on the screen for a user to see. The user can see icons or lists of items that the user can interact with via the installed application. There are many kinds of items that can be made available to the user, including encrypted documents that can be downloaded via the communications management server, or channels the user can choose to access in order to engage in encrypted voice or video communications.

Within a system that operates according to the system described herein, the problem arises that data viewable on the device must be secured so that only an authorised user can view data sourced by the device from a communications management server. In the process described thus far, according to one embodiment, a secure session of communications is established and that session can persist indefinitely. Therefore, if a phone were stolen by a thief then the thief could launch the application and view or download encrypted files or other encrypted content. In response to this security threat, a timeout for the session can be imposed and as a result, the session can expire and the user can terminate the encrypted communications after a short period of inactivity. For instance, within this system a communications server can be programmed to stop communicating with a device after three minutes of inactivity by the user. Further to the above, manual audits (checks) upon certificates issued to users can be implemented to cancel suspicious security certificates and to terminate access by users whose authentication appears questionable. Further to the above, additional levels of security can also be added to the system in the form of biometric authentication and device-specific identifiers, including IMEI numbers, to further strengthen the process of authentication.

One method of resuming communications would involve the user re-entering their password.

After a timeout has occurred, the user of the application running on the client device can attempt to communicate with the communications management server. For example the user can click on a button visible on a mobile phone interface and attempt to access an encrypted file. But if a logged out user attempts to access an encrypted file, when the communications server receives an encrypted message from the device containing a request to get the encrypted file, the communications server can then first query a database and receive a response informing the server that the communications session for this user has expired. The communications management server would then send a message back to the application running on the client device instructing the application to reconnect with the login authentication server. The mobile device or client computer can be directed to send a request to commence a new session of communication.
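The server-side handling described above, from the connection identifier check (steps 302 to 310) through the shared 9098898-03 identifier and the three-minute timeout, as an added Python example that is not part of the patent or of any product implementing it. The asymmetric encryption of the inner message is replaced by a constructed base64 stand-in so the exchange runs offline; the envelope field names, the in-memory session table and the injected clock are assumptions of this example.

```python
import base64
import json
import time

EXTENSION_SECONDS = 180  # the three-minute extension period mentioned above


def toy_encrypt(plaintext):
    """Constructed stand-in for encryption with the second key pair public key:
    base64 only, so the exchange runs offline. Not a cipher."""
    return base64.b64encode(plaintext.encode()).decode()


def toy_decrypt(ciphertext):
    """Constructed stand-in for the server's second key pair private key."""
    return base64.b64decode(ciphertext).decode()


def build_envelope(session_id, user, device, connection_id, encrypt=toy_encrypt):
    """Device side (steps 286 to 296): session id, user name and device identifier
    go in the inner message, which is encrypted and then wrapped together with
    the plaintext connection identifier."""
    inner = json.dumps({"session": session_id, "user": user, "device": device})
    return {"connection_id": connection_id, "ciphertext": encrypt(inner)}


def split_connection_id(value):
    """'9098898-03' -> ('9098898', '03'): the prefix is shared by the chat
    participants, the suffix tells John ('03') and Tom ('01') apart."""
    shared, dash, member = value.partition("-")
    if not dash or not shared.isdigit() or not member.isdigit():
        raise ValueError("malformed connection identifier")
    return shared, member


class CommunicationsServer:
    """Server side (steps 298 to 310); `now` is injectable for testing."""

    def __init__(self, decrypt=toy_decrypt, now=time.time):
        self.decrypt = decrypt
        self.now = now
        self.sessions = {}         # connection id -> record (the database)
        self.decrypt_attempts = 0  # how often the costly step actually ran

    def register(self, connection_id, user, device, session_id):
        # What the login server forwarded for this device, with its expiry.
        self.sessions[connection_id] = {
            "user": user, "device": device, "session": session_id,
            "expires": self.now() + EXTENSION_SECONDS}

    def handle(self, envelope):
        # Steps 302/304: validate the plaintext connection identifier before
        # anything else, so unknown or malformed requests never get decrypted.
        try:
            connection_id = envelope["connection_id"]
            ciphertext = envelope["ciphertext"]
            split_connection_id(connection_id)
            record = self.sessions[connection_id]
        except (KeyError, TypeError, AttributeError, ValueError):
            return {"status": "rejected"}
        # Step 306: only a known connection identifier earns a decryption.
        self.decrypt_attempts += 1
        try:
            inner = json.loads(self.decrypt(ciphertext))
        except ValueError:
            return {"status": "rejected"}
        # The decrypted identity must match what the login server registered.
        if not isinstance(inner, dict) or (
                inner.get("session"), inner.get("user"), inner.get("device")
        ) != (record["session"], record["user"], record["device"]):
            return {"status": "rejected"}
        # Expired session: the device is sent back to the login server.
        if self.now() > record["expires"]:
            return {"status": "expired", "action": "reconnect to login server"}
        # Step 308: persist the session for another extension period.
        record["expires"] = self.now() + EXTENSION_SECONDS
        return {"status": "ok", "expires": record["expires"]}
```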

The application executing encoded instructions within a mobile phone or other device receives the instruction that the user must log in again with a password. The application creates a message containing the user name and device identifier value, and this message is encrypted using the first key pair public key. The application then creates a second message and includes the encrypted message within the second message. Then the application adds the connection identifier value to that message.

FIG. 15 shows the encrypted message sent to the login server. The message 284 contains the connection identifier 282 and the encrypted message (276) that contains the user name 280 and device identifier value 278.

As further displayed in FIG. 15, the login authentication server returns a block of encrypted data 290 containing the following items: a new session identifier value 292; the connection identifier 296; the IP address of a communications server 294; the fourth key pair private key for decrypting messages sent from the communications management server, 302; the second key pair public key for encrypting messages sent to the communications server 300; the IP address of a new login authentication server 298.

The device receives this data and passes it to the application via an interface component. The application running on the device processes the data it receives and then displays a user interface shown to the user. The user is required to enter a password in a data entry field. When the correct password is entered via the interface the application takes this input and uses the password in combination with the device identifier stored within the application and the user name. The application then decrypts the block of encrypted data revealing the six items of information that the encrypted data contains. The application saves those six items in a database or file, overwriting the old items associated with a previous session of communications.

The application immediately sends an encrypted message to the new communications management server. This encrypted message contains the user name, device identifier, and the new session identifier value.

Connected to this process happening on the device, the login authentication server can also send a message to a new communications management server. This message contains the following items: a new session identifier value; the user identifier value of a specific user; the device identifier; the connection identifier; the third key pair public key for encrypting messages sent by the communications server to the device.

After receiving this data the new communications management server can engage in encrypted communications with the specified device.

This completes the description of one method of resuming a session of communications.

A second method of extending a session of communications will now be described.

When a user has established an active session of communications by entering a password, a user can engage in different types of interaction with the application.

One procedure can be a procedure for the purpose of creating an alternative method of logging in and user authentication.

One type of interaction that can facilitate a login can involve a user touching a touchscreen interface on a mobile phone, tablet or similar device and recording a series of swipe movements created by the user on the touchscreen (the movements being recorded in the system and used as a type of password).

FIG. 16 shows a login display screen that can be used in association with embodiments of the present invention. In one embodiment of the present method of using a touchscreen, a number of images of objects and blocks of colour can be arranged in a grid on a screen, as in FIG. 16, and a user can drag an object from one location and drop it in a different location.

If a set of pictures as seen in FIG. 16 were shown on a screen, including a picture of a bicycle and a picture of a circle, and if there were blocks of colour on the screen including blocks of red and white, a user can interact with the touchscreen and create a series of movements that can be described in the following way: Circle-Red-Bicycle-White. A sequence of movements that can be recorded as “Circle-Red-Bicycle-White” can involve a user touching an image of a circle and dragging it across the screen to a position where it is on top of a block of red colour, lifting the user's finger away from the screen, then touching the image of a bicycle and dragging the finger across the screen to a block of white colour, then finally lifting a finger away from the screen.

A user can generate a sequence of data of the type “Circle-Red-Bicycle-White” and this data can then be sent to the communications management server where it can be saved as what can be called a swipe pattern password login method. This swipe input data for the swipe method password is never saved on the device itself by the installed application, just as a text password is never saved by the application. The swipe input data can be sent as an encrypted message to the communications management server and that server can send an instruction to the database instructing the database to update the details of the current user with the details that the specified user has entered, being the specific swipe input data “Circle-Red-Bicycle-White”.

A timeout can also occur, in which the session of communications expires. After the communication session has expired the application within the device can be programmed to display a grid of images and blocks of colour to the user. This can be the same or similar to the grid the user interacted with when creating and saving their sequence of swipe movements “Circle-Red-Bicycle-White”. The user can then enter the proper sequence of movements, “Circle-Red-Bicycle-White”, and this sequence can be converted into data that is encrypted and sent as a signal to the communications management server, along with the device identifier value, the session identifier value, and the user identifier value of the current user.

The communications management server can receive the encrypted data, decrypt the data, read the data “Circle-Red-Bicycle-White”, query the database, and find that this data is the correct swipe input data for the user. The communications management server can then update the database with a query that extends the expiry time of the communications session of the client device, as a result persisting (continuing) the current session and allowing the user to continue to access secure resources.

A further extension of this swipe password method can be implemented, as will now be described. If pictures such as a bicycle, a circle, stars, a fish and so on are randomly ordered in an array and sent to a communications device (and an associated password application), then the images can be laid out in an arrangement such that the stars are second in the array (from the top left), the fish fourth in the array from the top left, and so on as seen in FIG. 16.

Then, if a person was to record a swipe password in the form “Stars-Red-Fish-Orange”, this sequence can then also be described as “2-Red-4-Orange”. Additionally, if the colours were identified by their position from the top left corner when going in a clockwise direction, then the Pink area could be described as 0, Red as 1, Orange as 2, Yellow as 3 and so forth. Using this type of notation the sequence “2-Red-4-Orange” can also be described as “2-1-4-2”. Through this process the device can generate the password pattern “2-1-4-2” and send that to the login authentication server, and then the login authentication server that sent out the original randomly ordered array can determine that the user entered the pattern “Stars-Red-Fish-Orange” in a swipe movement sequence.

Through this method of creating the password pattern “2-1-4-2”, the user can enter a different swipe pattern each time they enter their password pattern that includes the Stars and Fish images. Or to state the result in a different way, the user can enter a different password each time they use this swipe method. Further to the above, the location of the colours can also be randomised in a further embodiment, thereby increasing the complexity of passwords generated.

Each time the user re-enters their swipe gesture they can enter a different sequence of moves, since the images will be rearranged in different random positions within the grid of twenty four images by the server when the server creates the random image order sequence and sends that to the device. In other words, each time the user enters a password they can enter a different swipe movement, or what can be called a Random Swipe Pattern Password.
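The Random Swipe Pattern Password encoding described above, as an added Python example that is not from the patent or from any product: the server shuffles the image grid and the colour blocks, the device sends only positions such as “2-1-4-2”, and the server maps them back against the layout it issued. The image and colour names beyond those mentioned in the text, the single-use layout per challenge and the constant-time comparison are assumptions of this example.

```python
import hmac
import random
from dataclasses import dataclass

# Constructed names: the text mentions bicycle, circle, stars and fish and the
# colours Pink, Red, Orange and Yellow; the rest pad the grid to twenty-four.
IMAGES = ["Bicycle", "Circle", "Stars", "Fish", "Car", "Tree", "House", "Boat",
          "Apple", "Key", "Clock", "Moon", "Sun", "Dog", "Cat", "Book",
          "Cup", "Hat", "Ball", "Bell", "Leaf", "Kite", "Drum", "Flag"]
COLOURS = ["Pink", "Red", "Orange", "Yellow", "Green", "Blue", "Purple", "White"]


@dataclass(frozen=True)
class Layout:
    """Grid the server sent: image per position (top left first), colour per block."""
    images: tuple
    colours: tuple


def new_layout(rng):
    """Server side: a fresh random ordering of images and colours for one attempt."""
    images, colours = IMAGES[:], COLOURS[:]
    rng.shuffle(images)
    rng.shuffle(colours)   # the "further embodiment": colours are randomised too
    return Layout(tuple(images), tuple(colours))


def encode_swipes(layout, gesture):
    """Device side: 'Stars-Red-Fish-Orange' -> '2-1-4-2' for the layout shown;
    only positions leave the device, never the image or colour names."""
    parts = gesture.split("-")
    if len(parts) % 2:
        raise ValueError("a gesture alternates image and colour")
    positions = []
    for image, colour in zip(parts[::2], parts[1::2]):
        positions.append(str(layout.images.index(image)))
        positions.append(str(layout.colours.index(colour)))
    return "-".join(positions)


def decode_swipes(layout, pattern):
    """Server side: '2-1-4-2' -> 'Stars-Red-Fish-Orange' via the issued layout."""
    numbers = [int(part) for part in pattern.split("-")]
    if len(numbers) % 2:
        raise ValueError("a pattern alternates image and colour positions")
    names = []
    for image_pos, colour_pos in zip(numbers[::2], numbers[1::2]):
        names.append(layout.images[image_pos])
        names.append(layout.colours[colour_pos])
    return "-".join(names)


class SwipeVerifier:
    def __init__(self):
        self.saved = {}    # user -> gesture recorded at enrolment (server only)
        self.issued = {}   # user -> Layout sent for the pending attempt

    def enrol(self, user, gesture):
        self.saved[user] = gesture

    def challenge(self, user, seed):
        """Issue a new random grid; `seed` stands in for the server's RNG state."""
        layout = new_layout(random.Random(seed))
        self.issued[user] = layout
        return layout

    def verify(self, user, pattern):
        layout = self.issued.pop(user, None)   # consumed, so no replay
        if layout is None or user not in self.saved:
            return False
        try:
            entered = decode_swipes(layout, pattern)
        except (ValueError, IndexError):
            return False
        return hmac.compare_digest(entered.encode(), self.saved[user].encode())
```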

The entire encrypted login process can require that a user must enter a strong password as a text string that is entered once a day. But if a user has used an application several minutes earlier and the session has timed out then the swipe method can be used to quickly restart the session.

The swipe method, then, is a method of extending an active session.

This completes the description of a second method of resuming a session of communications.

A method by which a new user can join and use a service that utilizes this encrypted login process will now be described.

A new user downloads and installs an application on a client device. When the new user launches the application on the touchscreen of their mobile device, or on a screen of another kind of client computer, the user can see a form in which they can enter a user name and password.

The user can then enter a user name, for example their existing email address or mobile phone number. They can also enter a password. Then they click a “Join” button to submit this data for processing.

If the user has not entered a sufficiently strong password the application running on the client device can alert the user that they must choose another password (a suitably complex password) and again click the “Join” button.

If the user has entered a strong password then the application running on the client device can execute a process that takes the user name entered by a user and stores that data in a database or file. The installed application also executes a process to create a message and the new user's password is included in that message, along with the user name. Other details of information are also included within the message, including in one embodiment, the device identifier. After the message containing the password and other details is created and populated with data, the installed application software can encrypt the message using the first key pair public key provided by a login validation server and create an encrypted message.

The installed application can execute encoded instructions that send the encrypted message to the device via the interface component and the device can create a signal that is sent through a network to the IP address or URL of a login validation server.

The login validation server can receive a signal from a device. The signal can contain an encrypted message that is deciphered by means of software programs executed by the server. The deciphering process uses the server's private key, and the result of decryption is the original unencrypted message, containing a password, user name and device identifier, which can then be read into computer memory by the login authentication server.

The login validation server can then take this data and query a database connected to the network to determine if any other current user of the service is using the user name. If there is no other current user with that user name a process can be completed through which a new user account is added to the secure network.

The login validation server can then execute processes that are identical to the procedures described earlier (in FIG. 8 and later FIG.$) in regards to the establishment of a new session of communications.

A communications server can be supplied with information so that it can manage communications for a specific user. And the device of the user can be sent data that enables the user to log in and access resources via the communications server.

Copyright in respect of drawings associated with this application remains the property of NOWWW.US Pty Ltd ACN 137 333 709 and its assigns.

What is claimed is:
 1. A method for securing a signal passing between a communication device and a server, comprising a step of: including, on at least two occasions, a password associated with the communication device in the signal, where the signal has been encrypted using asymmetric key encryption.
 2. The method as recited in claim 1, further comprising a step of: including a location identifier for the communication device in the signal, in order to authenticate the signal.
 3. The method as recited in claim 2, further comprising a step of: including a device identifier for the communication device in the signal, in order to authenticate the signal.
 4. The method as recited in claim 3, further comprising a step of: including a server identifier for the server in the signal, in order to authenticate the signal.
 5. The method as recited in claim 4, further comprising a step of: including a connection identifier, associated with a connection between the server and the communication device, in the signal, in order to authenticate the signal.
 6. The method as recited in claim 5, further comprising a step of: including a session identifier, associated with a session occurring between the server and the communication device, in the signal, in order to authenticate the signal.
 7. The method as recited in claim 6, further comprising a step of: randomizing the communication device's display screen for purposes of entry of the password, in order to authenticate the signal.
 8. A computer system further comprising: a server; means for storing data used by the server; means for asymmetrically encrypting a signal that passes between the server and a communication device connected to the server; means for authenticating the signal using a password that has been passed to the server from the communication device on at least two occasions.
 9. The system as recited in claim 8, wherein the means for storing data contains a location identifier for the communication device, wherein the location identifier is used to authenticate the signal.
 10. The system as recited in claim 9, wherein the means for storing data contains a device identifier for the communication device, where the device identifier is used to authenticate the signal.
 11. The system as recited in claim 10, wherein the means for storing data contains a server identifier for the server, where the server identifier is used to authenticate the signal.
 12. The system as recited in claim 11, wherein the means for storing data contains a connection identifier associated with a connection between the server and the communication device, where the connection identifier is used to authenticate the signal.
 13. The system recited in claim 12, where the means for storing data contains a session identifier associated with a session occurring between the server and the communication device, where the session identifier is used to authenticate the signal.
 14. The system as recited in claim 13, wherein the communication device contains means for randomizing the device's display screen for purposes of entry of the password, where the password is used to authenticate the signal.
 15. The system as recited in claim 14, further comprising means for biometrically authenticating the signal.
 16. The system as recited in claim 15, further comprising means for terminating communication between the communication device and the server if the signal is not authenticated.
 17. A computer system further comprising: means for determining location of a communication device connected to the system; wherein the system is secured using asymmetric key encryption.
 18. The computer system as recited in claim 17, further comprising: means for securing the system using a device identifier for the communication device.
 19. The computer system as recited in claim 18, further comprising: means for randomizing the communication device's display screen for purposes of entering a password into the communication device, in order to secure the computer system.
 20. A computer system further comprising means for randomizing the system's password entry display in such a way as to secure the system.